SHA256: 8829cff9b383d2949dfe4e28b6438c7963b4f84bde944a1fae3ceb3f680d7828
File name: 8829cff9b383d2949dfe4e28b6438c7963b4f84bde944a1fae3ceb3f680d7828
Detection ratio: 1 / 65
Analysis date: 2019-03-24 22:08:38 UTC ( 3 weeks, 4 days ago )
Antivirus Result Update
Zillya Trojan.Generic.Win32.627766 20190324
Acronis 20190322
Ad-Aware 20190324
AegisLab 20190324
AhnLab-V3 20190324
Alibaba 20190306
ALYac 20190324
Antiy-AVL 20190324
Arcabit 20190324
Avast 20190324
Avast-Mobile 20190324
AVG 20190324
Avira (no cloud) 20190324
Babable 20180918
Baidu 20190318
BitDefender 20190324
Bkav 20190320
CAT-QuickHeal 20190324
ClamAV 20190324
CMC 20190321
Comodo 20190324
CrowdStrike Falcon (ML) 20190212
Cybereason 20190324
Cyren 20190324
DrWeb 20190324
eGambit 20190324
Emsisoft 20190324
Endgame 20190322
ESET-NOD32 20190324
F-Secure 20190324
Fortinet 20190324
GData 20190324
Ikarus 20190324
Sophos ML 20190313
Jiangmin 20190324
K7AntiVirus 20190324
K7GW 20190324
Kaspersky 20190324
Kingsoft 20190324
Malwarebytes 20190324
MAX 20190324
McAfee 20190324
McAfee-GW-Edition 20190324
Microsoft 20190324
eScan 20190324
NANO-Antivirus 20190324
Palo Alto Networks (Known Signatures) 20190324
Panda 20190324
Qihoo-360 20190324
Rising 20190324
SentinelOne (Static ML) 20190317
Sophos AV 20190322
SUPERAntiSpyware 20190321
Symantec Mobile Insight 20190220
TACHYON 20190324
Tencent 20190324
TheHacker 20190324
TotalDefense 20190324
Trapmine 20190301
TrendMicro-HouseCall 20190324
Trustlook 20190324
VBA32 20190322
ViRobot 20190324
Yandex 20190324
ZoneAlarm by Check Point 20190324
Zoner 20190324
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
Authenticode signature block and FileVersionInfo properties
Copyright
Copyright © 2015 Avira Operations GmbH & Co. KG and its Licensors

Product Avira
Original name Avira.OE.Setup.Bundle.exe
Internal name setup
File version 1.2.131.15242
Description Avira
Signature verification Signed file, verified signature
Signing date 2:46 PM 3/12/2019
Signers
[+] Avira Operations GmbH & Co. KG
Status Valid
Issuer Symantec Class 3 Extended Validation Code Signing CA - G2
Valid from 11:00 PM 10/11/2016
Valid to 10:59 PM 10/12/2019
Valid usage Code Signing
Algorithm sha256RSA
Thumbprint 9900CFAABC45B4247F9D78EE7E12B102D25EA325
Serial number 1F EB 54 56 B9 E0 C2 C6 83 57 C4 29 75 B9 82 24
[+] Symantec Class 3 Extended Validation Code Signing CA - G2
Status Valid
Issuer VeriSign Class 3 Public Primary Certification Authority - G5
Valid from 12:00 AM 03/04/2014
Valid to 11:59 PM 03/03/2024
Valid usage Code Signing
Algorithm sha256RSA
Thumbprint 5B8F88C80A73D35F76CD412A9E74E916594DFA67
Serial number 19 1A 32 CB 75 9C 97 B8 CF AC 11 8D D5 12 7F 49
[+] VeriSign
Status Valid
Issuer VeriSign Class 3 Public Primary Certification Authority - G5
Valid from 12:00 AM 11/08/2006
Valid to 10:59 PM 07/16/2036
Valid usage Server Auth, Client Auth, Email Protection, Code Signing
Algorithm sha1RSA
Thumbprint 4EB6D578499B1CCF5F581EAD56BE3D9B6744A5E5
Serial number 18 DA D1 9E 26 7D E8 BB 4A 21 58 CD CC 6B 3B 4A
Counter signers
[+] Symantec SHA256 TimeStamping Signer - G3
Status Valid
Issuer Symantec SHA256 TimeStamping CA
Valid from 12:00 AM 12/23/2017
Valid to 11:59 PM 03/22/2029
Valid usage Timestamp Signing
Algorithm sha256RSA
Thumbprint A9A4121063D71D48E8529A4681DE803E3E7954B0
Serial number 7B D4 E5 AF BA CC 07 3F A1 01 23 04 22 41 4D 12
[+] Symantec SHA256 TimeStamping CA
Status Valid
Issuer VeriSign Universal Root Certification Authority
Valid from 12:00 AM 01/12/2016
Valid to 11:59 PM 01/11/2031
Valid usage Timestamp Signing
Algorithm sha256RSA
Thumbprint 6FC9EDB5E00AB64151C1CDFCAC74AD2C7B7E3BE4
Serial number 7B 05 B1 D4 49 68 51 44 F7 C9 89 D2 9C 19 9D 12
[+] VeriSign Universal Root Certification Authority
Status Valid
Issuer VeriSign Universal Root Certification Authority
Valid from 11:00 PM 04/01/2008
Valid to 11:59 PM 12/01/2037
Valid usage Server Auth, Client Auth, Email Protection, Code Signing, Timestamp Signing
Algorithm sha256RSA
Thumbprint 3679CA35668772304D30A5FB873B0FA77BB70D54
Serial number 40 1A C4 64 21 B3 13 21 03 0E BB E4 12 1A C5 1D
Packers identified
F-PROT CAB, UTF-8
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2019-03-12 13:45:12
Entry Point 0x00037F09
Number of sections 7
PE sections
Overlays
MD5 aeeccc20fcb8d7dc35cea69c37a6e501
File type data
Offset 467456
Size 5337184
Entropy 8.00
PE imports
RegCreateKeyExW
SetSecurityDescriptorOwner
RegCloseKey
SetEntriesInAclW
OpenServiceW
AdjustTokenPrivileges
ControlService
InitializeAcl
LookupPrivilegeValueW
RegDeleteKeyW
CryptHashData
InitializeSecurityDescriptor
DecryptFileW
RegQueryValueExW
CryptCreateHash
SetSecurityDescriptorDacl
CloseServiceHandle
ConvertStringSecurityDescriptorToSecurityDescriptorW
CreateWellKnownSid
OpenProcessToken
QueryServiceStatus
RegOpenKeyExW
InitiateSystemShutdownExW
QueryServiceConfigW
GetTokenInformation
CryptReleaseContext
GetUserNameW
RegQueryInfoKeyW
RegEnumKeyExW
CryptAcquireContextW
CryptDestroyHash
RegDeleteValueW
RegSetValueExW
CryptGetHashParam
OpenSCManagerW
RegEnumValueW
AllocateAndInitializeSid
CheckTokenMembership
SetEntriesInAclA
ChangeServiceConfigW
SetSecurityDescriptorGroup
SetNamedSecurityInfoW
DeleteDC
SelectObject
GetObjectW
CreateCompatibleDC
DeleteObject
StretchBlt
GetVolumePathNameW
GetStdHandle
ReleaseMutex
WaitForSingleObject
EncodePointer
ProcessIdToSessionId
GetFileAttributesW
GetLocalTime
GetProcessId
DeleteCriticalSection
GetCurrentProcess
GetConsoleMode
FreeEnvironmentStringsW
SetStdHandle
WideCharToMultiByte
InterlockedExchange
GetTempPathW
GetTimeZoneInformation
GetSystemTimeAsFileTime
HeapReAlloc
GetStringTypeW
FreeLibrary
LocalFree
FormatMessageW
ConnectNamedPipe
GetExitCodeProcess
InitializeCriticalSection
OutputDebugStringW
FindClose
TlsGetValue
SetFileAttributesW
SetLastError
GetSystemTime
InterlockedDecrement
CopyFileW
GetUserDefaultLangID
GetModuleFileNameW
IsDebuggerPresent
HeapAlloc
VerSetConditionMask
HeapSetInformation
LoadLibraryExA
UnhandledExceptionFilter
LoadLibraryExW
MultiByteToWideChar
VerifyVersionInfoW
SetFilePointerEx
GetModuleHandleA
GetFullPathNameW
CreateThread
MoveFileExW
GetSystemDirectoryW
GetExitCodeThread
SetNamedPipeHandleState
SetUnhandledExceptionFilter
CreateMutexW
IsProcessorFeaturePresent
DecodePointer
TerminateProcess
GetModuleHandleExW
SetCurrentDirectoryW
GlobalAlloc
LocalFileTimeToFileTime
SetEndOfFile
GetCurrentThreadId
InterlockedIncrement
WriteConsoleW
GetSystemWow64DirectoryW
InitializeCriticalSectionAndSpinCount
HeapFree
EnterCriticalSection
LoadLibraryW
GetVersionExW
GetOEMCP
QueryPerformanceCounter
TlsAlloc
FlushFileBuffers
RtlUnwind
DosDateTimeToFileTime
GetWindowsDirectoryW
OpenProcess
GetDateFormatW
GetStartupInfoW
CreateDirectoryW
DeleteFileW
GetProcAddress
GetProcessHeap
GetTempFileNameW
GetComputerNameW
CompareStringW
GetFileSizeEx
RemoveDirectoryW
ExpandEnvironmentStringsW
FindNextFileW
ResetEvent
FindFirstFileW
DuplicateHandle
WaitForMultipleObjects
CreateFileMappingW
SetEvent
CreateEventW
CreateFileW
GetFileType
TlsSetValue
CreateFileA
ExitProcess
LeaveCriticalSection
GetNativeSystemInfo
GetLastError
SystemTimeToFileTime
LCMapStringW
CreateNamedPipeW
lstrlenA
GlobalFree
GetConsoleCP
GetThreadLocale
GetEnvironmentStringsW
lstrlenW
VirtualFree
GetCurrentDirectoryW
GetCurrentProcessId
SetFileTime
GetCommandLineW
GetCPInfo
HeapSize
CopyFileExW
InterlockedCompareExchange
GetSystemDefaultLangID
RaiseException
MapViewOfFile
TlsFree
SetFilePointer
ReadFile
CloseHandle
GetACP
GetModuleHandleW
SetThreadExecutionState
IsValidCodePage
UnmapViewOfFile
WriteFile
CreateProcessW
Sleep
SystemTimeToTzSpecificLocalTime
VirtualAlloc
CompareStringA
SysFreeString
VariantClear
VariantInit
SysAllocString
UuidCreate
SHGetFolderPathW
ShellExecuteExW
CommandLineToArgvW
GetMonitorInfoW
LoadBitmapW
DefWindowProcW
GetMessageW
PostQuitMessage
SetWindowLongW
MessageBoxW
PeekMessageW
TranslateMessage
PostMessageW
DispatchMessageW
GetCursorPos
RegisterClassW
UnregisterClassW
IsWindow
PostThreadMessageW
MonitorFromPoint
WaitForInputIdle
IsDialogMessageW
LoadCursorW
CreateWindowExW
MsgWaitForMultipleObjects
GetWindowLongW
CoInitializeEx
CoUninitialize
CoInitialize
CoCreateInstance
CoInitializeSecurity
CLSIDFromProgID
CoTaskMemFree
StringFromGUID2
Number of PE resources by type
RT_ICON 4
RT_GROUP_ICON 1
RT_MESSAGETABLE 1
RT_VERSION 1
RT_MANIFEST 1
Number of PE resources by language
ENGLISH US 8
PE resources
Debug information
ExifTool file metadata
UninitializedDataSize
0

LinkerVersion
12.0

ImageVersion
0.0

FileSubtype
0

FileVersionNumber
1.2.131.15242

LanguageCode
English (U.S.)

FileFlagsMask
0x003f

FileDescription
Avira

ImageFileCharacteristics
Executable, 32-bit, Removable run from swap, Net run from swap

CharacterSet
Windows, Latin1

InitializedDataSize
177664

EntryPoint
0x37f09

OriginalFileName
Avira.OE.Setup.Bundle.exe

MIMEType
application/octet-stream

LegalCopyright
Copyright 2015 Avira Operations GmbH & Co. KG and its Licensors

FileVersion
1.2.131.15242

TimeStamp
2019:03:12 14:45:12+01:00

FileType
Win32 EXE

PEType
PE32

InternalName
setup

ProductVersion
1.2.131.15242

SubsystemVersion
5.1

OSVersion
5.1

FileOS
Win32

Subsystem
Windows GUI

MachineType
Intel 386 or later, and compatibles

CompanyName
Avira Operations GmbH & Co. KG

CodeSize
288768

ProductName
Avira

ProductVersionNumber
1.2.131.15242

FileTypeExtension
exe

ObjectFileType
Executable application

File identification
MD5 bd4808bc104444f3e50066cdea09c438
SHA1 4c6e5c34fbc57ca11838dde27ff03a00202ce370
SHA256 8829cff9b383d2949dfe4e28b6438c7963b4f84bde944a1fae3ceb3f680d7828
ssdeep
98304:xY1/xZwZmjVYKHrZ1euXww7r74uuWSNn85GjLGh30A1nUbo8kquR/a5K:m1QmZ1Zf239IcLG1ebw7

authentihash c1b676f6c4528f745c209fdb64a73df5b31e362e83a4c927723110bbe28703c0
imphash d18cde94cdc6e930f022e2819d39a2bd
File size 5.5 MB ( 5804640 bytes )
File type Win32 EXE
Magic literal
PE32 executable for MS Windows (GUI) Intel 80386 32-bit

TrID Win64 Executable (generic) (61.7%)
Win32 Dynamic Link Library (generic) (14.7%)
Win32 Executable (generic) (10.0%)
OS/2 Executable (generic) (4.5%)
Generic Win/DOS Executable (4.4%)
Tags
peexe signed overlay

VirusTotal metadata
First submission 2019-03-12 16:41:24 UTC ( 1 month, 1 week ago )
Last submission 2019-03-24 22:08:38 UTC ( 3 weeks, 4 days ago )
File names avira_en_avpp0___sfc.exe
avira_en_fass0_5c0c52a5856c1__ws.exe
avira_en_froe3_5c8e404804924__ws.exe
avira_de_ispm0_3015209155_93rysst3cp5uugew4omy_wd.exe
avira_fr_fass0_5be9f0eeb9286__ws.exe
avira_fr_fass0_59aed996513b8__ws.exe
avira_fr_fass0_1436246211-1553087490__ws.exe
avira_en_swoe1_5c8aad42d756e__ws.exe
avira_ja_froe3_508394910-1553262123__ws.exe
avira_fr_av_59aede1b4d136__ws.exe
avira_en_asu80_579993900db31__ws.exe
avira_en_asu80___s32.exe
avira_fr_fass0_952684770-1553228596__ws.exe
avira_en_fass0_1120831598-1552455012__ws.exe
avira_en_froe3_5c9646bdbc06d__ws.exe
avira_de_av_5a05d950596ca__ws.exe
avira_en_fass0_-72b4dfb5-01b6-44d0-9cef-adc3c1f15b10__ws.exe
avira_ja_fass0_688367749-1552643427__ws.exe
avira_de_fass0_5c913a15b01a3__def.exe
avira_en_fass0_5c92758ae0d09__ws.exe
avira_es_fass0_1535514321-1551470918__ws28.exe
avira_en_vpnb0_5c97363e5501e__ws.exe
avira_de_fass0_5c91410ad8d93__ws.exe
avira_en_fass0_272863763-1551476889__ws.exe
avira_en_ashs0_5c8c97dad860a__ame.exe
Condensed report! The following is a condensed report of the behaviour of the file when executed in a controlled environment. The actions and events described were either performed by the file itself or by any other process launched by the executed file or subjected to code injection by the executed file.
Opened files
Read files
Written files
Moved files
Deleted files
Created processes
Runtime DLLs